Bad signature (was: Re: GPG support in Mahogany)

Jeffrey Stedfast
Mon Dec 16 10:45:02 2002

Well, now it is my turn to apologise :-)

On Sun, 2002-12-15 at 06:22, Ingo Klöcker wrote:
> Yes, I didn't read the source code at all. But I also didn't make any 
> wild accusations. I just compared what someone of the Evolution 
> developers replied to Dave with what is said in RFC 3156. As you can 
> read above the developer claimed that "the raw data as originally found 
> in the mbox file" is fed to gpg. This would not be correct since the 
> CRLF canonicalization is missing (or maybe you store all emails with 
> CRLF in the mbox file, but that would be very unusual on a Unix 
> system).

I now see how you reached your conclusion. I should have been more
precise I guess.

> > This is the kind of thing that I do not particularly appreciate.
> Well, I'm sorry that you misread my reply. And I'm glad that my 
> hypothesis was wrong and that Evolution now seems to be compatible with 
> KMail (after I fixed a bug in KMail).

good good :-)

> > > "Upon receipt of a signed message, an application MUST:
> > >
> > >    (1)   Convert line endings to the canonical <CR><LF> sequence
> > > before the signature can be verified.  This is necessary since the
> > > local MTA may have converted to a local end of line convention.
> >
> > we do.
> Good. But that's not what Dave was told.
> > >    (2)   Pass both the signed data and its associated content
> > > headers along with the OpenPGP signature to the signature
> > > verification service."
> >
> > we do. Is there a reason you pasted this section of rfc3156? Or are
> > you just trying to be a smart-ass?
> I quoted this section because this section explains what a MUA has to do 
> to verify an OpenPGP/MIME signature. And as Evolution had problems with 
> verifying OpenPGP/MIME signed messages created by KMail I wanted to be 
> sure that the error is in KMail and not in Evolution.
> This error stems from the fact that Evolution seems (another wild 
> accusation ?) to strip off trailing spaces before it passes the signed 
> stuff to gpg. Is this assumption correct? If not, then I'd like to know 
> why else Evolution had problems to verify some of my messages (which 
> contained trailing spaces) while now that KMail doesn't create any 
> trailing spaces anymore Evolution doesn't seem to have any problems 
> anymore.

Aha, it seems it does set the CANON_STRIP flag when verifying as well.
This should probably be considered a bug. I will send a patch in for
review right away.

We should only be using CANON_CRLF.

> > > Now I wonder whether the developers of Evolution forgot the
> > > <CR><LF> canonicalization or whether they only forgot to tell you
> > > about it.
> >
> > Uh... we did not forget about it. We do perform CRLF canonicalisation
> > before passing it off to gpg. What makes you think that we don't? Is
> > there any valid proof? If there is, I would like to see it. If there
> > are situations in which our CRLF filter fails, I would like to know
> > about it so that I may fix it.
> >
> > Please see
> > evolution/camel/camel-multipart-signed.c:camel_multipart_signed_sign()
> > for proof that we did it right.
> Thanks.
> > > BTW, this message was created after applying a fix to KMail (now
> > > KMail encodes trailing spaces correctly). Is the signature now
> > > valid, Dave?
> > >
> > > Regards,
> > > Ingo
> >
> > Ingo, next time you feel that Evolution is doing something
> > incorrectly - please be a man and come to me with the problem so that
> > I may look into it rather than you going off and spouting false
> > accusations. No one appreciates this, especially when they work hard
> > to make it fully compliant with all relevant specifications and
> > otherwise do the best they can do.
> Sorry, about that. We (the subscribers of the gnupg-users ml) just tried 
> to find out why some of the members of gnupg-users had problems 
> verifying the messages of other members. One reason turned out to be a 
> bug in KMail and I'm glad that I could fix it.

seems there is also a bug in Evolution :-)

> I didn't want to give anyone the impression that Evolution is doing 
> something wrong. I just noticed that what whoever told to Dave is not 
> in accordance with the specs. And therefore I wanted to be sure that 
> this person just didn't tell Dave the whole thing resp. that he omitted 
> telling him an important detail (that's what I meant by "or they did 
> omit an important detail"). My only fault is that I should have 
> probably cc'ed my message to the evolution-developers mailing list 
> (assuming that such a mailing list exists).

All is forgiven :-)


> Regards,
> Ingo
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.  -
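
Added example, not part of the original message and not Evolution's or KMail's code: a sketch of why CRLF-only canonicalization verifies a stored message while CRLF plus trailing-space stripping (what CANON_STRIP is described as doing above) fails on a signed part that contains trailing spaces. The function names, the sample MIME part, and the use of SHA-256 as a stand-in for the data gpg hashes are assumptions made for illustration.

```python
import hashlib

def canon_crlf(data: bytes) -> bytes:
    """Hypothetical CRLF-only filter: every LF or CRLF becomes CRLF."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def canon_crlf_strip(data: bytes) -> bytes:
    """Hypothetical CRLF filter that also strips trailing spaces/tabs."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)

def raw(data: bytes) -> bytes:
    """No canonicalization: the bytes exactly as stored in the mbox."""
    return data

def digest(data: bytes) -> str:
    # Stand-in for the hash a signature is computed over (assumption).
    return hashlib.sha256(data).hexdigest()

def verifies(signed_digest: str, stored: bytes, canon) -> bool:
    """True if the stored part, after `canon`, matches what was signed."""
    return digest(canon(stored)) == signed_digest

# Constructed sample: a signed MIME part as sent (CRLF line endings),
# with one line ending in a trailing space.
WIRE_TRAILING = (b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
                 b"Hello Dave, \r\nthe line above ends in a space.\r\n")
# Constructed sample: the same kind of part with no trailing whitespace.
WIRE_CLEAN = (b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
              b"Hello Dave,\r\nno trailing whitespace here.\r\n")

def to_local(wire: bytes) -> bytes:
    """What a Unix mbox holds after the MTA converts CRLF to LF."""
    return wire.replace(b"\r\n", b"\n")

def report() -> dict:
    """Verification outcome per sample and per canonicalization."""
    out = {}
    for name, wire in (("trailing", WIRE_TRAILING), ("clean", WIRE_CLEAN)):
        signed = digest(wire)  # the sender signs the CRLF form
        for canon in (raw, canon_crlf, canon_crlf_strip):
            out[(name, canon.__name__)] = verifies(signed, to_local(wire), canon)
    return out

if __name__ == "__main__":
    for key, ok in report().items():
        print(key, "good signature" if ok else "BAD signature")
```

The clean sample verifies under both filters, which matches the observation in the thread that the failures stopped once the sender no longer emitted trailing spaces.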